Quad9 collects lists of malicious domains from a wide range of commercial and open list providers, and embeds that threat-blocking data in a highly private, high-performance DNS recursive resolver (22.214.171.124). Quad9 is a non-profit, and the service is available for free to users worldwide.
What problem are you trying to solve?
Quad9’s mission is to improve security, privacy, and performance of the internet – for free. Our goal is to prevent end users from reaching sites that intend harm, promote fraud, or create conditions that effect people in a way that they would not reasonably want to be effected.
By working with the administrators of networks as well as with end users, Quad9 provides a no-cost, easy-to-deploy solution that can be implemented across any devices that use the internet: mobile, desktop, and IoT devices all benefit from DNS-based blocking services.
As a non-profit funded by sponsorship, Quad9 does not monetize or even collect any data about end users, and our privacy guarantees are enforced by some of the strongest data privacy protection laws that exist.
How are you solving that problem?
DNS-based filtering is a highly effective (****link to GCA study) method of protection in any security portfolio, and can be implemented on all devices on a network as easily as changing the settings on a DHCP server or in the network settings of a laptop. Even IoT devices can benefit from DNS-based protections.
Quad9 uses a variety of lists to build our rapidly-updated threat data profile. We have partnerships with roughly twenty different sources of malicious domain & host name data, each list having unique methods of discovering risks. We have specific lists that provide DGA domains, stalkerware/spyware, typographic homographs, phishing, COVID-related fraud, and many other targeted feeds as well as broad-spectrum malware/ransomware/C2 detection. Quad9 doesn’t create or detect DNS-based risks ourselves – we are focused on the DNS implementation of blocks based on IOCs generated by others who are experts in their particular detection areas. We provide a feedback loop of volumetric results to those threat providers in order to allow them to improve their algorithms, which helps not just Quad9 users but all consumers of those various lists.
The simple act of changing your DNS resolvers to our most commonly-used set of resolver IP addresses (126.96.36.199, 188.8.131.52, 2620:fe::fe) gives immediate protection, blocking at least 60 million malicious events per day across our worldwide network deployed in more than 180 locations in more than 90 nations.
How has the pandemic impacted your company?
COVID caused a recognizable increase in fraudulent activity in the first few months of the pandemic, with sites springing up claiming to have medication information or registration for various causes when in fact they were spreading malware or impersonating well-known healthcare organizations for the purposes of economic fraud.
In response to this, several of our threat intelligence partners collected COVID-specific domain data about these new harmful sites, and the team here was quickly able to implement the new steams of data to block hundreds of millions of attempts by victims to access these dangerous endpoints. Thankfully, the rise in these types of sites dropped over time as they were taken down by law enforcement or other action or simply became less effective.
Where do you see your company going in 5 years?
Quad9 is pushing for better security, better privacy, and we are raising the bar for everyone (commercial and non-commercial) in the DNS community. Our goal is not to dominate the market, like a commercial firm would wish – we hope to provide the “gold standard” of security, privacy, and performance and force others to improve their offering to come closer to what we provide. In that way, we meet our mission goals.
In 5 years, Quad9 will see a larger team, a larger network, and will continue to be driving the commercial market into doing better things for their users by offering an alternative that provides the best possible solution. “User choice” is what we want to continue to deliver, and for those users that are on our platform we hope to protect them against an even larger range of security threats, with our continued guarantees of privacy.
What is the next big challenge in information security?
The big challenge is to keep the malicious actors from leveraging application-layer privacy in a way that makes their actions invisible to detection. There is a strong and very legitimate interest in improving privacy – we are very much on the side of keeping user data private, or not recording it at all.
Traditionally, the DNS is an operating system decision, and applications ask the O/S to perform lookups, and in turn those lookups can be filtered through a threat blocking tool locally or remotely. The network administrator typically has the default controls over that by distributing DNS server information to clients, or can manage the operating system so that DNS queries are sent to a threat mitigation platform, either locally provided or cloud-provided, such as Quad9.
The near future may hold the case where applications automatically choose their own DNS services, with different security than may be desired, or no security at all. These decisions may vary from application to application, and some applications may “behave” within a local security context, and some may not. Security administrators are about to lose visibility and control of how clients on their network interact with both innocent as well as harmful remote systems.
But we are also advocates of local security being managed actively by the end user or administrator, and not having those decisions made by an application developer whose goals may not be aligned with the same security models that the local environment requires. It is worrisome that applications may make defaults-based decisions which remove local control, as this can create significant security risks in some circumstances where a DNS firewall such as Quad9 was not the DNS resolver implemented.
The rapid switch to encrypted DNS is a positive in many cases for user privacy, but in managed security circumstances may inadvertently lead to open warfare between security administrators and application developers. The loser in that equation will be the end user unless a very deeply-considered approach is taken.
How do people get involved/buy into your vision?
TL;DR: Sponsorship by companies and individuals makes our service possible, and is well worth the distributed investment.
We rarely have to explain to end users why they should use the service or get involved – a free, private, high-security easy-to-install method like Quad9 doesn’t need much in the way of selling. The biggest impediment we have for end user adoption is that we are far less well-known than commercial options which monetize user data (directly or indirectly) and so getting larger awareness about the service is mostly word-of-mouth.
We have limited funding for marketing, so we ask our end users: either tell your friends about the benefits of the service, or go to our webpage and make a donation of an amount you think might be worth what you would pay to avoid having your desktop bricked or your credit/debit card number stolen.
Quad9 still relies primarily on corporate sponsorships. Corporate sponsors provide us with infrastructure, resources, and data beyond the reach of any single commercial solution today, and we’re always looking for partners who can take our service into new areas. Quad9 benefits corporate goals by preventing ransomware, spear phishing, malware distribution, spyware, and other risks that cost thousands or millions of dollars per incident.
In ways that indirectly benefit commercial organizations and economic security, Quad9 also protects high-value customers who are targeted for fraud in the financial services, cryptocurrency, or B2B transaction community. These direct and indirect benefits are worth millions in “cure” – it’s worth it for companies to sponsor Quad9 with a few “ounces” of prevention, in the form of sponsorship donations.